[CERT-daily] Tageszusammenfassung - 18.03.2024

Daily end-of-shift report team at cert.at
Mon Mar 18 18:11:42 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 15-03-2024 18:00 − Montag 18-03-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New acoustic attack determines keystrokes from typing patterns ∗∗∗
---------------------------------------------
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing-patterns/


∗∗∗ Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.
---------------------------------------------
https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html


∗∗∗ Opening Pandora’s box - Supply Chain Insider Threats in Open Source projects ∗∗∗
---------------------------------------------
Granting repository "Write" access in an Open Source project is a high-stakes decision. We delve into the risks of insider threats, using a responsible disclosure for the AWS Karpenter project to demonstrate why strict safeguards are essential.
---------------------------------------------
https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects


∗∗∗ Saisonale Betrugsmaschen: Vorsicht bei der Urlaubsbuchung! ∗∗∗
---------------------------------------------
Passend zur Jahreszeit, in der besonders viele Urlaubsbuchungen vorgenommen werden, veröffentlichen Kriminelle betrügerische Urlaubsbuchungsplattformen wie fincas-und-villen.com. Lassen Sie sich nicht von den günstigen Preisen und schönen Bildern blenden: Hier verlieren Sie Ihr Geld und enden im schlimmsten Fall ohne Unterkunft am Urlaubsziel.
---------------------------------------------
https://www.watchlist-internet.at/news/saisonale-betrugsmaschen-urlaubsbuchung/


∗∗∗ Wie OAuth-Anwendungen über Tenant-Grenzen schützen/detektieren? ∗∗∗
---------------------------------------------
Es ist eine Frage, die sich wohl jeder Sicherheitsverantwortliche stellt, wenn es um die Cloud und den Zugriff auf Dienste mittels OAuth geht. Die Fragestellung: Wie lassen sich OAuth-Anwendungen über Tenant-Grenzen schützen/detektieren? Und wie kann man das mit Microsoft-Technologie erledigen.
---------------------------------------------
https://www.borncity.com/blog/2024/03/17/wie-oauth-anwendungen-ber-tenant-grenzen-schtzen-detektieren/


∗∗∗ Top things that you might not be doing (yet) in Entra Conditional Access – Advanced Edition ∗∗∗
---------------------------------------------
In this second part, we’ll go over more advanced security controls within Conditional Access that, in my experience, are frequently overlooked in environments during security assessments.
---------------------------------------------
https://blog.nviso.eu/2024/03/18/top-things-that-you-might-not-be-doing-yet-in-entra-conditional-access-advanced-edition/


∗∗∗ Ethereum’s CREATE2: A Double-Edged Sword in Blockchain Security ∗∗∗
---------------------------------------------
Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds.
---------------------------------------------
https://research.checkpoint.com/2024/ethereums-create2-a-double-edged-sword-in-blockchain-security/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Hackers exploit Aiohttp bug to find vulnerable networks ∗∗∗
---------------------------------------------
The ransomware actor ShadowSyndicate was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/


∗∗∗ Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 ∗∗∗
---------------------------------------------
In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
---------------------------------------------
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, spip, and unadf), Fedora (chromium, iwd, opensc, openvswitch, python3.6, shim, shim-unsigned-aarch64, and shim-unsigned-x64), Mageia (batik, imagemagick, irssi, jackson-databind, jupyter-notebook, ncurses, and yajl), Oracle (.NET 7.0, .NET 8.0, and dnsmasq), Red Hat (postgresql:10), SUSE (chromium, kernel, openvswitch, python-rpyc, and tiff), and Ubuntu (openjdk-8).
---------------------------------------------
https://lwn.net/Articles/965829/


∗∗∗ PoC Published for Critical Fortra Code Execution Vulnerability ∗∗∗
---------------------------------------------
A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
---------------------------------------------
https://www.securityweek.com/poc-published-for-critical-fortra-code-execution-vulnerability/


∗∗∗ Kritische Sicherheitslücke CVE-2024-21762 in Fortinet FortiOS wird aktiv ausgenutzt ∗∗∗
---------------------------------------------
In unserer Warnung vom 09. Februar 2024 haben wir bereits über die Sicherheitslücken CVE-2024-21762 und CVE-2024-23113 berichtet und in Folge Besitzer:innen über die für die IP-Adressen hinterlegten Abuse-Kontakten informiert. CVE-2024-21762 wird seit kurzem nun aktiv ausgenutzt. Unauthentifizierte Angreifer:innen können auf betroffenen Geräten beliebigen Code ausführen.
---------------------------------------------
https://cert.at/de/aktuelles/2024/3/kritische-sicherheitslucke-cve-2024-21762-in-fortinet-fortios-wird-aktiv-ausgenutzt


∗∗∗ Spring Framework: Updates beheben neue, alte Sicherheitslücke ∗∗∗
---------------------------------------------
Nutzen Spring-basierte Anwendungen eine URL-Parsing-Funktion des Frameworks, öffnen sie sich für verschiedene Attacken. Nicht zum ersten Mal.
---------------------------------------------
https://heise.de/-9657496


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list